ID

VAR-202210-1430


CVE

CVE-2022-41983


TITLE

F5 BIG-IP Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202210-1407

DESCRIPTION

On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher is in use, undisclosed conditions can cause BIG-IP to send data unencrypted even with an SSL Profile applied

Trust: 0.99

sources: NVD: CVE-2022-41983 // VULHUB: VHN-438374

AFFECTED PRODUCTS

vendor:f5model:big-ip websafescope:gteversion:13.1.0

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:ltversion:16.1.3.1

Trust: 1.0

vendor:f5model:big-ip analyticsscope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:ltversion:14.1.5.1

Trust: 1.0

vendor:f5model:big-ip ddos hybrid defenderscope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:gteversion:13.1.0

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:ltversion:15.1.7

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gteversion:14.1.0

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip carrier-grade natscope:lteversion:13.1.5

Trust: 1.0

vendor:f5model:big-ip ssl orchestratorscope:ltversion:14.1.5.1

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip websafescope:lteversion:13.1.5

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip analyticsscope:gteversion:14.1.0

Trust: 1.0

vendor:f5model:big-ip ddos hybrid defenderscope:gteversion:14.1.0

Trust: 1.0

vendor:f5model:big-ip application security managerscope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip advanced web application firewallscope:lteversion:13.1.5

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:lteversion:13.1.5

Trust: 1.0

vendor:f5model:big-ip application security managerscope:ltversion:15.1.7

Trust: 1.0

vendor:f5model:big-ip link controllerscope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:gteversion:14.1.0

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:ltversion:14.1.5.1

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:lteversion:13.1.5

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:ltversion:16.1.3.1

Trust: 1.0

vendor:f5model:big-ip application visibility and reportingscope:ltversion:15.1.7

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:ltversion:15.1.7

Trust: 1.0

vendor:f5model:big-ip carrier-grade natscope:ltversion:15.1.7

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:lteversion:13.1.5

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:ltversion:16.1.3.1

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:gteversion:13.1.0

Trust: 1.0

vendor:f5model:big-ip analyticsscope:gteversion:13.1.0

Trust: 1.0

vendor:f5model:big-ip ddos hybrid defenderscope:gteversion:13.1.0

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:ltversion:15.1.7

Trust: 1.0

vendor:f5model:big-ip analyticsscope:lteversion:13.1.5

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:gteversion:13.1.0

Trust: 1.0

vendor:f5model:big-ip advanced web application firewallscope:gteversion:14.1.0

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:ltversion:15.1.7

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:lteversion:13.1.5

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:lteversion:13.1.5

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:gteversion:14.1.0

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:ltversion:15.1.7

Trust: 1.0

vendor:f5model:big-ip advanced web application firewallscope:ltversion:15.1.7

Trust: 1.0

vendor:f5model:big-ip link controllerscope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip application security managerscope:gteversion:13.1.0

Trust: 1.0

vendor:f5model:big-ip link controllerscope:ltversion:15.1.7

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:ltversion:16.1.3.1

Trust: 1.0

vendor:f5model:big-ip carrier-grade natscope:ltversion:16.1.3.1

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:gteversion:14.1.0

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:ltversion:14.1.5.1

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:lteversion:13.1.5

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:ltversion:15.1.7

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:lteversion:13.1.5

Trust: 1.0

vendor:f5model:big-ip link controllerscope:gteversion:14.1.0

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:ltversion:15.1.7

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:ltversion:16.1.3.1

Trust: 1.0

vendor:f5model:big-ip application security managerscope:ltversion:14.1.5.1

Trust: 1.0

vendor:f5model:big-ip ddos hybrid defenderscope:ltversion:14.1.5.1

Trust: 1.0

vendor:f5model:big-ip analyticsscope:ltversion:15.1.7

Trust: 1.0

vendor:f5model:big-ip carrier-grade natscope:gteversion:13.1.0

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:ltversion:16.1.3.1

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:gteversion:13.1.0

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:gteversion:13.1.0

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:lteversion:13.1.5

Trust: 1.0

vendor:f5model:big-ip advanced web application firewallscope:ltversion:16.1.3.1

Trust: 1.0

vendor:f5model:big-ip application security managerscope:lteversion:13.1.5

Trust: 1.0

vendor:f5model:big-ip application visibility and reportingscope:ltversion:14.1.5.1

Trust: 1.0

vendor:f5model:big-ip carrier-grade natscope:ltversion:14.1.5.1

Trust: 1.0

vendor:f5model:big-ip link controllerscope:ltversion:16.1.3.1

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:ltversion:15.1.7

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip application visibility and reportingscope:lteversion:13.1.5

Trust: 1.0

vendor:f5model:big-ip application visibility and reportingscope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip carrier-grade natscope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:gteversion:14.1.0

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip link controllerscope:gteversion:13.1.0

Trust: 1.0

vendor:f5model:big-ip ssl orchestratorscope:lteversion:13.1.5

Trust: 1.0

vendor:f5model:big-ip advanced web application firewallscope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:gteversion:14.1.0

Trust: 1.0

vendor:f5model:big-ip ssl orchestratorscope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip websafescope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:gteversion:13.1.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:ltversion:16.1.3.1

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:ltversion:14.1.5.1

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:ltversion:14.1.5.1

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:gteversion:13.1.0

Trust: 1.0

vendor:f5model:big-ip ddos hybrid defenderscope:ltversion:15.1.7

Trust: 1.0

vendor:f5model:big-ip websafescope:ltversion:14.1.5.1

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:lteversion:13.1.5

Trust: 1.0

vendor:f5model:big-ip analyticsscope:ltversion:16.1.3.1

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:ltversion:14.1.5.1

Trust: 1.0

vendor:f5model:big-ip advanced web application firewallscope:ltversion:14.1.5.1

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:gteversion:14.1.0

Trust: 1.0

vendor:f5model:big-ip application security managerscope:gteversion:14.1.0

Trust: 1.0

vendor:f5model:big-ip link controllerscope:lteversion:13.1.5

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:gteversion:13.1.0

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:ltversion:16.1.3.1

Trust: 1.0

vendor:f5model:big-ip link controllerscope:ltversion:14.1.5.1

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:ltversion:15.1.6

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:ltversion:14.1.5.1

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gteversion:13.1.0

Trust: 1.0

vendor:f5model:big-ip ssl orchestratorscope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip application visibility and reportingscope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip carrier-grade natscope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:ltversion:15.1.7

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:lteversion:13.1.5

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:ltversion:14.1.5.1

Trust: 1.0

vendor:f5model:big-ip ssl orchestratorscope:ltversion:15.1.7

Trust: 1.0

vendor:f5model:big-ip advanced web application firewallscope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip websafescope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip websafescope:ltversion:15.1.7

Trust: 1.0

vendor:f5model:big-ip application security managerscope:ltversion:16.1.3.1

Trust: 1.0

vendor:f5model:big-ip ddos hybrid defenderscope:ltversion:16.1.3.1

Trust: 1.0

vendor:f5model:big-ip analyticsscope:ltversion:14.1.5.1

Trust: 1.0

vendor:f5model:big-ip application visibility and reportingscope:gteversion:14.1.0

Trust: 1.0

vendor:f5model:big-ip carrier-grade natscope:gteversion:14.1.0

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:gteversion:14.1.0

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:gteversion:13.1.0

Trust: 1.0

vendor:f5model:big-ip application visibility and reportingscope:ltversion:16.1.3.1

Trust: 1.0

vendor:f5model:big-ip ssl orchestratorscope:gteversion:14.1.0

Trust: 1.0

vendor:f5model:big-ip websafescope:gteversion:14.1.0

Trust: 1.0

vendor:f5model:big-ip analyticsscope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip ddos hybrid defenderscope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:ltversion:14.1.5.1

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:gteversion:14.1.0

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:ltversion:14.1.5.1

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:gteversion:14.1.0

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:ltversion:16.1.3.1

Trust: 1.0

vendor:f5model:big-ip ssl orchestratorscope:ltversion:16.1.3.1

Trust: 1.0

vendor:f5model:big-ip websafescope:ltversion:16.1.3.1

Trust: 1.0

vendor:f5model:big-ip application security managerscope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip ddos hybrid defenderscope:lteversion:13.1.5

Trust: 1.0

vendor:f5model:big-ip ssl orchestratorscope:gteversion:13.1.0

Trust: 1.0

vendor:f5model:big-ip application visibility and reportingscope:gteversion:13.1.0

Trust: 1.0

vendor:f5model:big-ip advanced web application firewallscope:gteversion:13.1.0

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:ltversion:16.1.3.1

Trust: 1.0

sources: NVD: CVE-2022-41983

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-41983
value: LOW

Trust: 1.0

f5sirt@f5.com: CVE-2022-41983
value: LOW

Trust: 1.0

CNNVD: CNNVD-202210-1407
value: LOW

Trust: 0.6

nvd@nist.gov: CVE-2022-41983
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 1.4
version: 3.1

Trust: 2.0

sources: CNNVD: CNNVD-202210-1407 // NVD: CVE-2022-41983 // NVD: CVE-2022-41983

PROBLEMTYPE DATA

problemtype:CWE-319

Trust: 1.1

sources: VULHUB: VHN-438374 // NVD: CVE-2022-41983

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-1407

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202210-1407

PATCH

title:F5 BIG-IP Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=211815

Trust: 0.6

sources: CNNVD: CNNVD-202210-1407

EXTERNAL IDS

db:NVDid:CVE-2022-41983

Trust: 1.7

db:CNNVDid:CNNVD-202210-1407

Trust: 0.6

db:VULHUBid:VHN-438374

Trust: 0.1

sources: VULHUB: VHN-438374 // CNNVD: CNNVD-202210-1407 // NVD: CVE-2022-41983

REFERENCES

url:https://support.f5.com/csp/article/k31523465

Trust: 1.7

url:https://vigilance.fr/vulnerability/f5-big-ip-no-encryption-via-intel-qat-aes-gcm-ccm-39646

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-41983/

Trust: 0.6

sources: VULHUB: VHN-438374 // CNNVD: CNNVD-202210-1407 // NVD: CVE-2022-41983

SOURCES

db:VULHUBid:VHN-438374
db:CNNVDid:CNNVD-202210-1407
db:NVDid:CVE-2022-41983

LAST UPDATE DATE

2024-08-14T15:00:44.036000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-438374date:2022-10-24T00:00:00
db:CNNVDid:CNNVD-202210-1407date:2022-10-25T00:00:00
db:NVDid:CVE-2022-41983date:2022-10-24T15:57:26.087

SOURCES RELEASE DATE

db:VULHUBid:VHN-438374date:2022-10-19T00:00:00
db:CNNVDid:CNNVD-202210-1407date:2022-10-19T00:00:00
db:NVDid:CVE-2022-41983date:2022-10-19T22:15:13.620